from the kitchen-sink-prosecution dept

The US government has taken down another alleged leaker. Joshua Schulte, a former NSA and CIA operative, had his apartment raided by the feds last March. The raid targeted documents showing Schulte had leaked CIA hacking tools to Wikileaks (the "Vault 7" collection). But it uncovered a whole lot of child porn -- 10,000 images on Schulte's personal computer and his file-sharing server that held another 5 terabytes of data.

The first criminal complaint [PDF] by the DOJ contained nothing but child porn charges. It suggests the former government spook didn't practice much opsec when not on the clock. One IRC chat shows Schulte's aware encryption is sometimes only a temporary deterrent if the government really wants to find out what's been sent or shared. But then he apparently went on to provide the government with some easily-accessible evidence.

Based on my review of those Google Searches, I have learned, among other things, that on a number of occasions in or about 2011 and in or about 2012, SCHULTE appeared to search the Internet for child pornography. For example: (i) on or about April 9, 2011, SCHULTE conducted a Google Search for "child pornography" on at least three occasions; (ii) on or about October 15, 2011, SCHULTE conducted Google Searches for "movie where father videos daughter and friend sex" and "movie where father videos child porn"; and (iii) on or about May 15, 2012, SCHULTE conducted a Google Search for "female teenage body by year."

The recently-released superseding indictment [PDF] really starts stacking the charges. In addition to the child porn charges carried over from the original complaint, the government adds charges related to the leaked hacking tools, including unauthorized access with the intent of gathering classified info and theft of government property.

Then the charges get interesting. Schulte is charged with "causing transmission of a harmful computer program" for allegedly altering an intelligence agency "computer system" to give himself access to restricted areas of the system and cover up any evidence he had accessed these files. Apparently, this alteration resulted in other users being denied access.

There's the expected "lying to the feds" charges (making false statements, obstruction of justice) which show Schulte was very cooperative when being questioned about the child porn but apparently not so much when asked about purloined CIA data.

Rolling past the copy-pasted child porn charges, one reaches the most unexpected charge in the indictment: criminal copyright infringement.

From at least in or about September 2015, up to and including at least in or about August 2017, in the Southern District of New York and elsewhere, JOSHUA ADAM SCHULTE, the defendant, unlawfully, willfully, and knowingly did infringe copyrights by the reproduction and distribution, including by electronic means and by making it available on a computer network accessible to members of the public, during a 180-day period, of ten and more copies and phonorecords, of one and more copyrighted works, which had a total retail value of more than $2,500, to wit, without authorization, SCHULTE maintained a computer server that housed thousands of copyrighted movies, television shows, and audio recordings, which SCHULTE shared with others by electronic means and using the Internet.

This appears to refer to the server Schulte set up for IRC chat buddies. It's mentioned in a couple of chat transcripts and was, until 2017, accessible at cryptm.org. There's plenty archived at the Wayback Machine [click at your own risk, I suppose] but this server seems to be the source of the copyright infringement charge. Whether or not any of these files were actually downloaded isn't clear, but they were uploaded and accessible to site visitors. This short list of a small portion of the files hosted by Schulte on his server was put together by Jason Koebler and Lorenzo Franceschi-Bicchierai of Motherboard.

An archived version of his page there shows that he had files related to chess, an episode of South Park, a copy of The 40 Year Old Virgin, textbooks, C Programming textbooks, and a folder called “Facebook Convos.”

Speaking of Facebook, Schulte was apparently maintaining a diary of his criminal justice system experience. (Spoiler alert: it's unpleasant and broken.) The documents are worth reading for a firsthand look at the federal arraignment process and the unpleasant realities of being sentenced to house arrest (with no internet access privileges) while still supposedly an "innocent" person in the eyes of the Constitution. It does get a little weird when he claims he's only been charged with "victimless" crimes given what he's been charged with (leaking CIA hacking tools, child porn). But nothing's been proven beyond a reasonable doubt at this point, so maybe only the copyright infringement charge that will make the final cut.

As Parker Higgins points out on Twitter, this supremely weird addition should be viewed with apprehension. Copyright infringement happens all the time. Much of it has zero profit motive, but the government is apparently more than willing to selectively enforce this law if it seems it might push someone towards a plea deal and save it the trouble of having to prove its case.

from the don't-wait-too-long dept

Earlier this week our Kickstarter campaign for our adaptation of the recently declassified CIA training game, called CIA: Collect It All ended, closing out with over 500% of our target goal. Even so, we know that many people missed out on the campaign who now want to order the game as well (trust me, we've gotten your emails!). So, as we continue to get the game ready, we're now opening up a pre-order system using Celery for others to purchase the game, to be included in our list of backers when we ship out the game later this year. You can now pre-order the game right here for the next month or so until we start manufacturing the cards.

We've had a huge influx of last-minute backers thanks in large part to The Verge's review of an advance copy of the game, so if you're not yet a backer, help us keep that momentum going — and if you are, please tell your friends! CIA: Collect It All comes with over 150 high-quality playing cards, with physical copies available for $29 (shipping to 170 countries), the print-and-play PDF version for $10 (anywhere, of course!) and a five-copy bundle for retailers or groups who want to team up to save on shipping.

We are planning to continue accepting some additional pre-orders before we complete the game, but we don't have that set up just yet, and we still have no plans to continue production beyond a single print run — so if you definitely don't want to miss out, back the campaign before it's too late!

from the NATSEC-math dept

Journalist Adam Johnson's FOIA lawsuit against the CIA has been brought to a halt. Johnson sued the CIA for refusing to release classified documents it had previously voluntarily "leaked" to selected journalists. The CIA argued the documents were still classified and not subject to FOIA requests. Johnson argued the CIA had already released the documents to the public when it decided to release this classified info to journalists.

Back in February, it appeared the court was on Johnson's side. Responding to the government's motion to dismiss, the court pointed out the CIA couldn't waive FOIA exemptions when dumping docs to journalists and then seek to use them when other journalists asked for the same info.

There is absolutely no statutory provision that authorizes limited disclosure of otherwise classified information to anyone, including "trusted reporters," for any purpose, including the protection of CIA sources and methods that might otherwise be outed. The fact that the reporters might not have printed what was disclosed to them has no logical or legal impact on the waiver analysis, because the only fact relevant to waiver analysis is: Did the CIA do something that worked a waiver of a right it otherwise had? The answer: CIA voluntarily disclosed what it had no obligation to disclose (and, indeed, had a statutory obligation not to disclose).

After another round of submissions by the plaintiff and the government, the judge has reached a final decision [PDF]. What once looked like a win for the FOIA requester has been turned into judicial support for selective disclosure. The CIA can waive and reinstate FOIA exemptions as often as it wants, so long as it only dumps documents to "trustworthy" journalists who won't make the waiver permanent by publishing them in full. (h/t Chris Geidner)

I fail to see why the fact that the information exists in electronic form on some private organization's server, which server can theoretically be hacked by an unauthorized user, should be treated any differently. If the only way that information can be seen by the general public is by stealing it from an authorized recipient, logic dictates that the information is not available to the general public- it is not "in the public domain." Plaintiff and Amici make a good deal out of the fact that the newspapers' servers are not secure servers, but I do not believe that the security level of a sending or receiving server makes the slightest difference to the analysis.

So Plaintiff fails because he is unable to demonstrate that the information he seeks resides today in the public domain; assuming, for purposes of argument, that the CIA' s decision to email the information to the reporters placed it there.

There is another reason why one cannot conclude that these particular emails are in the public domain. Even if there were a copy of the emails in the files of Mr. Shane or Mr. Ignatius or Ms. Gorman, or even if the reporter-recipients could still readily call up the full text on their computers, there is no evidence in the record that any member of the public could walk into the offices of the Times or the WaPo or the WSJ and demand to see a copy. For that matter, there is no evidence that anyone could obtain the information via service of a subpoena on the reporter-recipients. This court would be shocked if the three eminent news organizations whose employees received these emails did not fight tooth and nail against any effort to make them public; and as I understand matters, the law is on their side. If that were not so, Johnson would not be asking the CIA to disclose the redacted information; he would be suing the New York Times, the Washington Post and the Wall Street Journal.

The court notes the judicial system has bent over backwards to insulate national security agencies from FOIA requesters and these agencies' own careless handling of classified material. Agencies that regularly participate in selective leaking can still keep leaked documents out of FOIA requesters' hands so long as the leak recipients haven't published the documents in full. In this case, Johnson had redacted copies of the emails sent to journalists and was seeking to have the redactions stripped away. He had already cleared the high hurdle of knowing exactly what documents had been leaked to journalists. But despite clearing a nearly impossible hurdle, the court, while sympathetic, notes judicial precedent allows the CIA to have it both ways: release info to members of the public while claiming the information was never released publicly.

When grappling with the possibility of waiver via selective and limited disclosure of classified information, courts clearly outlined a way for Government officials dealing with national security and foreign affairs material to have their cake and eat it, too. They could make disclosures to third parties when the Director deemed it necessary to protect intelligence sources and methods, and they could do so without waiving their right to invoke relevant FOIA exemptions, as long as they did so in a way that created no permanent record outside the confines of the agency of exactly what was disclosed (exactly meaning, literally, "in haec verba "). In that way, the courts could never be entirely sure that whatever "public" record did exist (the notes taken by the people who were briefly shown the records at issue in Muslim Advocates, for example) was the "specific information" that had been disclosed previously. This bit of sophistry allowed the courts deny FOIA requests on the basis discussed in Wilson v. CIA, 5 86 F .3d 171, 186 (2d Cir. 2009).

It all comes down to one thing: the journalists who received the CIA's leaks never published the documents in full. Because of this -- despite there being copies of unredacted classified info residing on certain newsroom servers -- the CIA can claim this was not a public release and keep its redactions in place. The court's refusal to hold the government to a higher standard when it invokes national security claims has resulted in this illogical conclusion: what's been made public is not public info if certain caveats apply. To celebrate this ridiculous victory for government opacity, the journalists who received these documents should publish them in full. As the court notes, they'd be well within their legal rights to do so. But that would mean they wouldn't be trusted with selective leaks in the future, so it's unlikely these members of the public will undo the damage done by 40 years of NATSEC jurisprudence.

from the time-is-running-out dept

If you haven't yet heard about CIA: Collect It All, here's the short version: the CIA recently declassified a top secret card game that it uses to train new recruits, and we're making a version that you can play at home. The game puts players in the shoes of analysts leveraging a variety of real-world intelligence gathering techniques to solve global crises. It comes with over 150 high-quality playing cards, and is also available as a print-and-play PDF.

We're continuing to work on playtesting the game, redesigning the cards, and filling in the redacted text from the CIA documents. We're really excited to get this game into everyone's hands, so check out our Kickstarter before the campaign ends tomorrow at midnight.

from the collect-it-all dept

So, we're now less than a week away from the close of our Kickstarter campaign for our version of the CIA's recently declassified training card game, which we've dubbed: CIA: Collect It All.

We've been working hard on our version of the game, filling in redacted cards, testing and tweaking certain variations and playtesting, playtesting, playtesting. The game is quite a bit of fun -- which is not something I'm used to saying about something the CIA initially created. The campaign ends next Tuesday, and we don't currently have any plans to print the game after we do this one big run, so if you're on the fence about it, now would be a good time to lean towards supporting it.

Since a bunch of people have had questions about the game, we thought it would be good to go on Reddit and do an AMA about the game. The three of us who have been working on the game -- myself and Leigh Beadon from Techdirt, and Randy Lubin from Diegetic Games -- will all be hanging out on Reddit doing the AMA starting at about 10am PT / 1pm ET today. I'll update this post with the link once it's live, but you should just be able to hit up the /r/IAmA/ subreddit and find it. That'll be the best place to have a discussion about the game, gameplay, design choices and the like (though we'll also answer questions here or on Kickstarter). So stop by and ask some questions and find out what it feels like to play the CIA's own card game. Update: Here's the link to the AMA.

from the tick-tock dept

Last month, we launched our Kickstarter campaign to turn a formerly-top-secret CIA training game into something you can play at home. We hit our goal much sooner than we expected, and now we're less than two weeks away from the close of the campaign — so if you want to get your hands on a copy, hurry up and become a backer!

CIA: Collect It All comes with over 150 high-quality playing cards in a premium box, and is also available in a digital print-and-play version. The game pits you and your friends against each other in a race to solve as many global crises as you can by leveraging clever combinations of the many varied and creative techniques used by real intelligence agencies, from satellite imagery to hacking to good old fashioned espionage.

We recently added international shipping options for 170 countries, but we still have no plans to continue producing the game after sending it out to our backers, so this might be your only chance! If you don't want to miss out, head on over to our Kickstarter campaign and secure your print-and-play or physical copy by backing us as a Digital Analyst or a Field Agent.

The campaign ends at midnight (pacific time) on Tuesday, May 22nd! Stay tuned over the next week and a half as we bring you more information here on Techdirt, or become a backer and get the inside scoop from our Kickstarter updates. And thanks to everyone who has already helped us make CIA: Collect It All a success!

Before we knew just how much interest there would be, our plan was to limit shipping to the US — but the requests from other countries came pouring in alongside the pledges, and so now we're happy to announce that CIA: Collect it All is now available in 170 countries!

As we warned from the start, international shipping isn't cheap, but we've tried to secure the best rates we possibly could. If you were waiting on availability in your country before backing the campaign — or if you pledged for the digital print-and-play version but would like to upgrade to a physical copy — now's the time. There are a few major countries we are unable to ship to (such as Brazil and Russia) due to limitations of our fulfillment partner, and unfortunately there's nothing we can do about that right now, so we apologize if you're still left out.

There's just over two weeks left in the campaign, and we still have no plans to produce more than this single print run of the game — so if you want to get your hands on a copy, now's the time to back us on Kickstarter so you don't miss out! We're overwhelmed by the support for this project (huge thanks to everyone who has backed it already), and we're excited to bring this formerly top-secret CIA training game to so many people around the world.

from the collect-it-all dept

Well, it appears we can both confirm and acknowledge that lots and lots of people want to play the CIA's in-house training card game. As we announced on Monday, we've taken the available details of the internal CIA game Collection Deck, and are in the process of turning it a version you can actually play, which we're renaming CIA: Collect It All. To see if anyone else actually wanted it, we put it on Kickstarter and set what we thought was a fairly high bar: $30,000. And yet, we hit that in about 40 hours and we still more than three and a half weeks to go. We're a bit blown away by how many people are interested, and we're committed to making the game as awesome as we can possibly make it. We recently posted an update to the campaign concerning questions around international shipping, since that's been a big topic of conversation, so if you're interested in that, go check it out.

Either way, thanks to all of you who quickly jumped in and backed the campaign (and told others about it). As we've noted in the campaign, the idea here is to do this as a one shot deal, not to keep making the game. So, while anyone can download the FOIA'd release of the rules and make your own, if you want one of our versions, you'll need to back this campaign.